<?php include "db.php"; ?>
<?php include "user.php"; ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>User Management System</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">

<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['User']))
{
	$user = unserialize($_SESSION['User']);
	 ?>

	 <h1>Member Area</h1>
     <p> Thanks for logging in! You are <b><?=$user->getEmail()?></b>.</p>
	 <p> If you have the correct permission level, access the secret page <a href="secret.php"> here </a> </p>
	 
	<form method="post"> 
	<input type="submit" name="submit" value="Logout"> 
	</form>
	<?php
	if(isset($_POST['submit'])) { 
		session_destroy();
		?>
		<meta http-equiv='refresh' content='=2;index.php' />
		<?php
	}
	
}
elseif(!empty($_POST['email']) && !empty($_POST['password']))
{
	$user = new User($_POST['email'],$_POST['password']);
			
    if($user->userFound())
    {
        $_SESSION['LoggedIn'] = 1;
		$_SESSION['User'] = serialize($user);
        
    	echo "<h1>Success</h1>";
        echo "<p>We are now redirecting you to the member area.</p>";
        echo "<meta http-equiv='refresh' content='=2;index.php' />";
    }
    else
    {
    	echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
    }
}
else
{
	?>
    
   <h1>Member Login</h1>
    
   <p>Please either login below, or <a href="register.php">click here to register</a>.</p>
    
	<form method="post" action="index.php" name="loginform" id="loginform">
	<fieldset>
		<label for="email">Email:</label><input type="text" name="email" id="email" /><br />
		<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
		<input type="submit" name="login" id="login" value="Login" />
	</fieldset>
	</form>
	    
	<?php
}
?>

</div>
</body>
</html>
